locked
disabling UAC - reg setting RRS feed

  • Question

  • Hello,

    I need to disable UAC via script. I found this article that shows what registry key to set, but the article is for Windows 7.
    http://www.petri.co.il/disable-uac-in-windows-7.htm

    it specifies to set the following:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    in above location set EnableLUA to 0.

    Is this the same for Server 2008 R2? anything else I should be aware of? or if there is some other way to set UAC settings via powershell script that is preferred, please let me know.

    thanks.
    Tuesday, January 12, 2010 5:47 PM

Answers

  • Disable the setting "User Account Control: Run all administrators in Admin Approval Mode", under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.

    This will disable UAC on Server 2008 R2, Server 2008, Vista and Windows 7.  You could do this in Default Domain Policy, or the "recommended" way, in a new group policy object.

    This will set EnableLUA to DWORD 0x00000000 in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    The explanation from GP editor:

    User Account Control: Run all users, including administrators, as standard users.

    This security setting determines the behavior of all UAC policies for the entire system.

    The options are:

    • Enabled: Admin Approval Mode and all other UAC policies are dependent on this option being enabled.  Changing this setting requires a system reboot.

    • Disabled: Admin Approval Mode user type and all related UAC policies will be disabled.  Note: the Security Center will notify that the overall security of the operating system has been reduced.

    Default: Enabled

    • Marked as answer by c0pe Tuesday, January 12, 2010 9:09 PM
    Tuesday, January 12, 2010 8:43 PM

All replies

  • Thanks kmoran, I appreciate the response. I can see the same registry setting being used there, being set with powershell... what I'm mainly after here though is confirmation that this is the only setting needed for 2008 R2, because I got the info from an article for windows 7. I assumed I would just be modifying the registry, but also figured I would ask about alternatives because direct registry edits are usually my last resort, whether done by wsh or powershell.
    Tuesday, January 12, 2010 7:35 PM
  • Tuesday, January 12, 2010 7:47 PM
  • Disable the setting "User Account Control: Run all administrators in Admin Approval Mode", under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options.

    This will disable UAC on Server 2008 R2, Server 2008, Vista and Windows 7.  You could do this in Default Domain Policy, or the "recommended" way, in a new group policy object.

    This will set EnableLUA to DWORD 0x00000000 in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    The explanation from GP editor:

    User Account Control: Run all users, including administrators, as standard users.

    This security setting determines the behavior of all UAC policies for the entire system.

    The options are:

    • Enabled: Admin Approval Mode and all other UAC policies are dependent on this option being enabled.  Changing this setting requires a system reboot.

    • Disabled: Admin Approval Mode user type and all related UAC policies will be disabled.  Note: the Security Center will notify that the overall security of the operating system has been reduced.

    Default: Enabled

    • Marked as answer by c0pe Tuesday, January 12, 2010 9:09 PM
    Tuesday, January 12, 2010 8:43 PM
  • Thanks Brian,

    If I understand correctly then, this one registry setting does in fact work on server 2008 R2 then, not just windows 7. Thats what I needed know. As I said in my post, I need to configure this setting via script, so I won't be using GPO's, but I appreciate the suggestions.
    Tuesday, January 12, 2010 9:15 PM
  • You are welcome.

    Yes, it works for all my machines, both physical and virtual, on my home domain.
    Tuesday, January 12, 2010 9:19 PM
  • Hi c0pe,

     

    Based on my test, setting the value of EnableLUA to 0 can disable UAC on Windows Server 2008 R2. It also works for Windows Vista, Windows Server 2008 and Windows 7.

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

     

    Regards,

    Bruce

    Wednesday, January 13, 2010 8:50 AM